Hello, the problem is somehow caused by nscd. When I disable passwd caching in /etc/nscd.conf and then restart nscd, the shadow passwords can only be seen by root.
Because of the security risk, I recommend to set the severity of this bug to "critical". Regards Christoph -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org